Pages

Monday, 8 May 2017

Guardian Soulmates users hit with spam after data exposure

Users of Guardian Soulmates have been targeted with sexually explicit spam emails after their contact information was accidentally exposed on the dating site.

Information from users' profiles was included in the spam messages.

The Guardian newspaper's publisher, which runs the service, said "human error" was at fault.

Guardian News & Media blamed a third-party technology for the problem, which has now been fixed.

The BBC was contacted by one user who said they had started receiving sexually explicit spam emails sent to an account they only used with the dating service.

Their Guardian Soulmates username appeared in the messages.

The person, who wishes to remain anonymous, said they first contacted Soulmates six months ago because they were concerned about what other data may have been taken.

"I basically had been receiving spam […] directly referencing information that could only have come from the Soulmates database," said another affected user, who also wished to remain anonymous.

"It's all information that I was happy to put online at one point anyway, but when it's used outside of context like that it does feel a lot more creepy."

The user told the BBC that they alerted Guardian Soulmates in November last year and received an email confirming what had happened in late April.

While the user - who works in IT - said they understood that incidents like this can occur, they were also surprised to be affected as they had not used the site for several years and were no longer paying a membership fee.

A spokeswoman for the site - which costs users up to £32 ($41.50) per month - added that while only email addresses and user IDs had been exposed directly, such information could be used "to find members' publicly available online profiles".

Details on public profiles, such as a photo, relationship preferences and physical description, could then be accessed.

"We can confirm we have received 27 enquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed," the spokeswoman said, adding that there was no evidence that the data exposure had been caused by an outside party.

"Our ongoing investigations point to a human error by one of our third-party technology providers, which led to an exposure of an extract of data," she said.

Guardian News & Media apologised to affected users and would "continue to review" its processes and third-party suppliers, she told the BBC.